diff --git a/clusters/cl01tl/platform/vault/Chart.yaml b/clusters/cl01tl/platform/vault/Chart.yaml
index acc64575c..17e75cf74 100644
--- a/clusters/cl01tl/platform/vault/Chart.yaml
+++ b/clusters/cl01tl/platform/vault/Chart.yaml
@@ -8,6 +8,7 @@ keywords:
 home: https://wiki.alexlebens.dev/doc/vault-TJ1ocQp9WB
 sources:
 - https://github.com/hashicorp/vault
+ - https://github.com/lrstanley/vault-unseal
 - https://hub.docker.com/r/hashicorp/vault
 - https://github.com/hashicorp/vault-helm
 maintainers:
diff --git a/clusters/cl01tl/platform/vault/templates/external-secret.yaml b/clusters/cl01tl/platform/vault/templates/external-secret.yaml
index 14e1f487d..20a186a53 100644
--- a/clusters/cl01tl/platform/vault/templates/external-secret.yaml
+++ b/clusters/cl01tl/platform/vault/templates/external-secret.yaml
@@ -1,79 +1,79 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: vault-snapshot-agent-token
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: vault-snapshot-agent-token
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: snapshot
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# data:
-# - secretKey: VAULT_APPROLE_ROLE_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/vault/snapshot/approle
-# metadataPolicy: None
-# property: role-id
-# - secretKey: VAULT_APPROLE_SECRET_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/vault/snapshot/approle
-# metadataPolicy: None
-# property: secret-id
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: vault-snapshot-agent-token
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: vault-snapshot-agent-token
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: snapshot
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: VAULT_APPROLE_ROLE_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/vault/snapshot/approle
+ metadataPolicy: None
+ property: role-id
+ - secretKey: VAULT_APPROLE_SECRET_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/vault/snapshot/approle
+ metadataPolicy: None
+ property: secret-id
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: vault-snapshot-s3
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: vault-snapshot-s3
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: snapshot
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# data:
-# - secretKey: AWS_ACCESS_KEY_ID
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/vault-backup
-# metadataPolicy: None
-# property: AWS_ACCESS_KEY_ID
-# - secretKey: AWS_DEFAULT_REGION
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/vault-backup
-# metadataPolicy: None
-# property: AWS_DEFAULT_REGION
-# - secretKey: AWS_ENDPOINT_URL
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/vault-backup
-# metadataPolicy: None
-# property: AWS_ENDPOINT_URL
-# - secretKey: AWS_SECRET_ACCESS_KEY
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /digital-ocean/home-infra/vault-backup
-# metadataPolicy: None
-# property: AWS_SECRET_ACCESS_KEY
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: vault-snapshot-s3
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: vault-snapshot-s3
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: snapshot
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/vault-backup
+ metadataPolicy: None
+ property: AWS_ACCESS_KEY_ID
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/vault-backup
+ metadataPolicy: None
+ property: AWS_DEFAULT_REGION
+ - secretKey: AWS_ENDPOINT_URL
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/vault-backup
+ metadataPolicy: None
+ property: AWS_ENDPOINT_URL
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/vault-backup
+ metadataPolicy: None
+ property: AWS_SECRET_ACCESS_KEY
 ---
 apiVersion: external-secrets.io/v1beta1